
Hi folks! I tried searching the list but didn’t see anything promising...
I had LDAP auth set up and working great on the Community version, but as soon as I upgraded to Professional (version 0.15.3.6343), it ceased allowing logins.
A debug of the login shows:
LDAP[Connecting to xxx.xxx.xxx.xxx]
LDAP[Connected]
LDAP[Referrals][Disabled]
LDAP[Version][Set to 3]
LDAP[Bind DN called]
LDAP[Bind][cn=manager,ou=Internal,dc=example,dc=com]
LDAP[Filter][(uid=testuser)][ou=Users,ou=Accounts,dc=example,dc=com]
LDAP[Authenticate][User: testuser][Bind user: cn=Test User,ou=Users,ou=Accounts,dc=example,dc=com]
LDAP[Authenticate][Comparing: cn=admins,ou=Groups,ou=Accounts,dc=example,dc=com][member=cn=Test User,ou=Users,ou=Accounts,dc=example,dc=com]
LDAP[Authenticate][Compare LDAP error: No such object]
So this part looked a bit strange to me:
LDAP[Authenticate][Comparing: cn=admins,ou=Groups,ou=Accounts,dc=example,dc=com][member=cn=Test User,ou=Users,ou=Accounts,dc=example,dc=com]
(notice the strange "member=cn=…" part)
My config is:
// Begin LDAP Config
$config['auth_mechanism'] = "ldap";
$config['auth_ldap_starttls'] = FALSE;
$config['auth_ldap_binddn'] = "cn=manager,ou=Internal,dc=example,dc=com";
$config['auth_ldap_bindpw'] = "PASSWORD_HERE";
$config['auth_ldap_attr']['uid'] = "uid";
$config['auth_ldap_attr']['uidNumber'] = "uidNumber";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_objectclass'] = "inetOrgPerson";
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "LDAP_SERVER_IP";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = "cn=";
$config['auth_ldap_suffix'] = ",ou=Users,ou=Accounts,dc=example,dc=com";
$config['auth_ldap_group'] = array("cn=admins,ou=Groups,ou=Accounts,dc=example,dc=com");
$config['auth_ldap_groupbase'] = "ou=Groups,ou=Accounts,dc=example,dc=com";
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['admins']['level'] = 10;
// End LDAP Config
Again, this same config works like a champ on the community edition. Did something change with LDAP auth in the professional edition? Am I missing something?
Thanks!
—George
George Phillips www.pfsense.org
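As an added example (not from the original post or from the product), here is a stdlib-only model of the Compare step shown in the debug trace: it replays one LDAP Compare per configured group with `member=<full DN>` and distinguishes the three result codes a server can return, so a reader can see that "No such object" (noSuchObject, 32) refers to the group entry itself being absent or invisible to the bind identity, not to the user lacking membership (compareFalse, 5). The DNs and config keys are copied from the post; the directory contents and the non-fulldn branch are constructed assumptions.

```python
# Added example: stdlib-only model of the LDAP Compare step in the trace above.
# Not code from the original post or from the product.
COMPARE_FALSE, COMPARE_TRUE, NO_SUCH_OBJECT = 5, 6, 32  # RFC 4511 resultCode values

USER_DN = "cn=Test User,ou=Users,ou=Accounts,dc=example,dc=com"
GROUP_DN = "cn=admins,ou=Groups,ou=Accounts,dc=example,dc=com"

# Subset of the poster's config that drives the group check.
CONFIG = {
    "auth_ldap_group": [GROUP_DN],
    "auth_ldap_groupmembertype": "fulldn",
    "auth_ldap_groupmemberattr": "member",
}

def normalize_dn(dn: str) -> str:
    """Case-fold and trim around commas so DNs written differently still match."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldap_compare(directory: dict, dn: str, attr: str, value: str) -> int:
    """Model of LDAP Compare: does the entry at <dn> hold <attr>=<value>?

    Compare is addressed to one entry. If that entry does not exist (or is not
    visible to the bound identity) the server answers noSuchObject, not compareFalse.
    """
    entry = directory.get(normalize_dn(dn))
    if entry is None:
        return NO_SUCH_OBJECT
    held = {normalize_dn(v) for v in entry.get(attr.lower(), [])}
    return COMPARE_TRUE if normalize_dn(value) in held else COMPARE_FALSE

def group_check(directory: dict, config: dict, user_dn: str) -> dict:
    """One Compare per configured group, as the trace shows (member=<full DN>)."""
    if config["auth_ldap_groupmembertype"] == "fulldn":
        member = user_dn
    else:  # assumed alternative mode: bare value of the first RDN, e.g. "Test User"
        member = user_dn.split(",")[0].split("=", 1)[1]
    attr = config["auth_ldap_groupmemberattr"]
    return {g: ldap_compare(directory, g, attr, member) for g in config["auth_ldap_group"]}

# Constructed directory: the user entry exists, but nothing sits at the group DN.
DIRECTORY = {normalize_dn(USER_DN): {"uid": ["testuser"], "cn": ["Test User"]}}

def diagnose(directory: dict) -> dict:
    """Map each configured group to a readable interpretation of its Compare result."""
    names = {COMPARE_TRUE: "member", COMPARE_FALSE: "not a member",
             NO_SUCH_OBJECT: "group entry not found at that DN"}
    return {g: names[c] for g, c in group_check(directory, CONFIG, USER_DN).items()}

if __name__ == "__main__":
    print(diagnose(DIRECTORY))  # group DN missing -> noSuchObject, as in the trace
    DIRECTORY[normalize_dn(GROUP_DN)] = {"member": [USER_DN]}
    print(diagnose(DIRECTORY))  # group present and listing the user -> member
```

Running the same Compare by hand with an LDAP client bound as the configured bind DN is the quickest way to tell whether the group entry is really at that DN and readable by that identity.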